philips-software
diff --git a/‎…er/cpp/devcontainer-metadata-vscode.json‎ ‎…container/cpp/devcontainer-metadata.json‎.devcontainer/cpp/devcontainer-metadata-vscode.json renamed to .devcontainer/cpp/devcontainer-metadata.json b/‎…er/cpp/devcontainer-metadata-vscode.json‎ ‎…container/cpp/devcontainer-metadata.json‎.devcontainer/cpp/devcontainer-metadata-vscode.json renamed to .devcontainer/cpp/devcontainer-metadata.json
diff --git a/‎…r/rust/devcontainer-metadata-vscode.json‎ ‎…ontainer/rust/devcontainer-metadata.json‎.devcontainer/rust/devcontainer-metadata-vscode.json renamed to .devcontainer/rust/devcontainer-metadata.json b/‎…r/rust/devcontainer-metadata-vscode.json‎ ‎…ontainer/rust/devcontainer-metadata.json‎.devcontainer/rust/devcontainer-metadata-vscode.json renamed to .devcontainer/rust/devcontainer-metadata.json
diff --git a/‎.github/instructions/workflows.instructions.md‎
Lines changed: 13 additions & 0 deletions b/‎.github/instructions/workflows.instructions.md‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎.github/workflows/continuous-integration.yml‎
Lines changed: 47 additions & 1 deletion b/‎.github/workflows/continuous-integration.yml‎
Lines changed: 47 additions & 1 deletion
diff --git a/‎.github/workflows/image-cleanup.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/image-cleanup.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/issue-cleanup.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/issue-cleanup.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/linting-formatting.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/linting-formatting.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/ossf-scorecard.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/ossf-scorecard.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/pr-conventional-title.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/pr-conventional-title.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/pr-image-cleanup.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/pr-image-cleanup.yml‎
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,13 @@
+---
+applyTo: ".github/workflows/*.yml"
+---
+
+# GitHub Workflows Guidelines
+
+When writing GitHub Action workflows, ensure that:
+
+- Workflows that have a workflow_call trigger have their filename prefixed with `wc-`.
+- For all re-usable workflows, only the top-level workflow (workflows that are not called themselves by other workflows with workflow_call) has defaults and descriptions for inputs to avoid duplication.
+- All workflows and action definitions have a name that is descriptive and concise, using emoji where appropriate.
+- The sorting order for inputs, secrets, and outputs is alphabetical.
+- The sorting order of other keys is consistent across the repository.
@@ -1,5 +1,5 @@
 ---
-name: Continuous Integration
+name: CI
 
 on:
   merge_group:
@@ -14,6 +14,10 @@ permissions: {}
 
 jobs:
   build-push-test:
+    name: 🛠️ Build → Push → Test (🍨 ${{ matrix.flavor }})
+    strategy:
+      matrix:
+        flavor: [cpp, rust]
     uses: ./.github/workflows/wc-build-push-test.yml
     secrets:
       TEST_GITHUB_TOKEN: ${{ secrets.TEST_GITHUB_TOKEN }}
@@ -28,3 +32,45 @@ jobs:
       id-token: write
       packages: write
       pull-requests: write
+    with:
+      devcontainer-metadata-file: .devcontainer/${{ matrix.flavor }}/devcontainer-metadata.json
+      dockerfile: .devcontainer/${{ matrix.flavor }}/Dockerfile
+      image-name: ${{ github.repository }}-${{ matrix.flavor }}
+      integration-test-file: test/${{ matrix.flavor }}/integration-tests.bats
+      acceptance-test-path: ${{ matrix.flavor == 'cpp' && 'test/cpp/features' || '' }}
+      test-devcontainer-file: ${{ matrix.flavor == 'cpp' && '.devcontainer/cpp-test/devcontainer.json' || '' }}
+
+  dependency-review:
+    name: 🔍 Dependency Review
+    needs: build-push-test
+    uses: ./.github/workflows/wc-dependency-review.yml
+    permissions:
+      contents: read
+      pull-requests: write
+
+  publish-test-results:
+    name: 📊 Publish Test Results
+    runs-on: ubuntu-latest
+    permissions:
+      checks: write
+      pull-requests: write
+    needs: build-push-test
+    if: ${{ !cancelled() }}
+    steps:
+      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        with:
+          disable-sudo: true
+          egress-policy: audit
+      - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        with:
+          merge-multiple: true
+          pattern: test-results-*
+      - uses: EnricoMi/publish-unit-test-result-action@3a74b2957438d0b6e2e61d67b05318aa25c9e6c6 # v2.20.0
+        with:
+          files: test-report-*.xml
+
+  generate-documents:
+    name: 📄 Documentation
+    uses: ./.github/workflows/wc-document-generation.yml
+    permissions:
+      contents: read
@@ -9,7 +9,8 @@ on:
 permissions: {}
 
 jobs:
-  delete-images:
+  cleanup-images:
+    name: 🧹 Clean Images
     runs-on: ubuntu-latest
     permissions:
       # dataaxiom/ghcr-cleanup-action needs packages write permission
@@ -19,7 +20,6 @@ jobs:
       - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
         with:
           disable-sudo: true
-          egress-policy: block
           allowed-endpoints: >
             api.github.com:443
             ghcr.io:443
 
@@ -9,6 +9,7 @@ permissions: {}
 
 jobs:
   close-issues:
+    name: ♻️ Close Stale Issues & PRs
     runs-on: ubuntu-latest
     permissions:
       issues: write
 
@@ -19,6 +19,7 @@ permissions:
 
 jobs:
   linter:
+    name: 🧹 Lint & Format
     runs-on: ubuntu-latest
     permissions:
       contents: read
 
@@ -13,6 +13,7 @@ permissions: read-all
 
 jobs:
   ossf-scorecard:
+    name: 🛡️ OpenSSF Scorecard
     runs-on: ubuntu-latest
     permissions:
       security-events: write
 
@@ -12,14 +12,14 @@ permissions: {}
 
 jobs:
   validate-pr-title:
+    name: ✅ Validate PR Title
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write
     steps:
       - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
         with:
           disable-sudo-and-containers: true
-          egress-policy: block
           allowed-endpoints: >
             api.github.com:443
       - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
@@ -33,7 +33,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
-        if: always() && steps.pr-title.outputs.error_message != null
+        if: ${{ !cancelled() && steps.pr-title.outputs.error_message != null }}
         with:
           header: pr-title-lint-error
           message: |
 
@@ -9,6 +9,7 @@ permissions: {}
 
 jobs:
   delete-images:
+    name: 🗑️ Delete PR Images
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -22,6 +23,7 @@ jobs:
           delete-tags: pr-${{ github.event.pull_request.number }}
           packages: amp-devcontainer,amp-devcontainer-cpp,amp-devcontainer-rust
   cleanup-cache:
+    name: 🧹 Cleanup Cache
     runs-on: ubuntu-latest
     permissions:
       # actions: write permission is required to delete the cache